Atty. Dkt. No. 068398-0104 

Amendments to the Claims: 

This listing of claims will replace all prior versions, and listings, of claims in the application: 
Listing of Claims: 

1 . (Currently amended) An authentication method providing a data signing 
function that determines an authentication tag for use in conjunction with transfer of data 
using a communication channel or with data storage on storage media, comprising the steps 
of: 

partitioning said data into a plurality of data blocks; 

for each of said data blocks, performing a randomization function over said 
data block to create an input block of the same size as that of said data block, said input block 
not including a block identifier; 

applying a pseudo-random function to each said input block to create a 
plurality of enciphered blocks; and 

after said applying step, combining said plurality of enciphered blocks to 

create an authentication tag. 

2. (Original) The method of claim 1, wherein the pseudo-random function is a 
standard block cipher. 

3. (Original) The method of claim 1, wherein each of said data blocks is I bits in 

length. 

4. (Currently Amended) The method of claim 3, comprising the step of creating 
a random vector block of t bits in lengt h and then applying the pseudo-random function to the 

random vector block. 

5. (Currently Amended) The method of claim 4, wh e r e in th e step of p e rforming 
a randomization function ov e r said plurality of data blocks includ e s further comprising 
performing the randomization function over the random vector block to obtain a randomized 
random vector block, and then applying the pseudo-random function to the randomized 
random vector block . 
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6. (Currently Amended) An authentication method providing a data signing 
function that determines an authentication tag, comprising the steps of: 

receiving an input plaintext string comprising the data to be signed and 
padding it as necessary such that its length is a multiple of I bits; 

partitioning the padded input plaintext string into a plurality of equal-size 
plaintext blocks of / bits in length; 

creating a random vector of / bits in length; 

performing a randomization function over said plurality of plaintext blocks 
and the random vector block to create a plurality of input blocks each of I bits in length; 

applying a block cipher using a secret key over each of said input blocks to 
create a plurality of enciphered blocks each of L bits in length; and 

after said applying step, p erforminR a combination operation over said 
plurality of enciphered blocks to create an authentication tag. 

7. (Original) The method as defined in claim 6, comprising the steps of: 
wherein said performing a randomization function step comprises combining 

each of said plaintext blocks and the random vector block with a different corresponding 
element of a sequence of unpredictable elements to create a plurality of input blocks. 

8. (Original) The method as defined in claim 7, comprising the step of 
generating said random vector block from a random number generated on a per-message 
basis. 

9. (Original) The method as defined in claim 7, further comprising the step of 
appending the created random vector block after a last block of the set of equal-sized blocks 
comprising the padded plaintext string. 

10. (Original) The method as defined in claim 7, wherein the input blocks from 
the randomization step comprise n+1 blocks each of /-bit length, where n is the total number 
of blocks in said set of equal-sized blocks of the padded input plaintext string. 

1 1 . (Original) The method as defined in claim 7, further comprising the step of 
generating each of a plurality of the unpredictable elements of said sequence of unpredictable 
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elements by combining a different element index i of each of the unpredictable elements and 
a random initial vector. 

12. (Original) The method as defined in claim 11, comprising the step of 
generating said random initial vector from a random number generated on a per-message 
basis. 

13. (Original) The method as defined in claim 8, further comprising the steps of: 
wherein said sequence of the unpredictable elements is generated by 

combining a different element index i of each of the unpredictable elements and a random 
initial vector; and 

wherein said random initial vector is generated from said random number. 

14. (Original) The method as defined in claim 8, further comprising the steps of: 
enciphering a random number using the block cipher using the secret key to 

generate a random initial vector; 

using this random initial vector to generate the elements of the sequence of 
unpredictable elements. 

15. (Original) The method of claim 7, wherein said random vector is generated by 
enciphering a random number of I bits in length, said enciphering using said block cipher 

using a secret second key. 

16. (Original) The method as defined in claim 8, wherein said random vector is 
generated by enciphering a variant of said random number of i bits in length, said enciphering 
using said block cipher using said secret key. 

17. (Original) The method as defined in claim 16, wherein said variant of said 
random number is obtained by adding a non-zero constant to said random number. 

18. (Original) The method of claim 8, further comprising the steps of: 
wherein the random number is provided by a random number generator; and 
outputting the random number as an output block of the authentication 

scheme. 
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19. (Original) The method as defined in claim 7, further comprising: 
generating said random initial vector by enciphering a count of a counter 

initialized to a constant, said enciphering being performed with the block cipher using the 
secret key; 

generating said random vector block from said count of a counter; and 
incrementing said counter by one on every message signing. 

20. (Original) The method as defined in claim 19, wherein said random vector 
block is generated by enciphering said count of a counter using a second secret key. 

21 . (Original) The method as defined in claim 19, wherein said random vector is 
generated by enciphering a variant of said count of a counter, said enciphering using said 
block cipher using said secret key. 

22. (Original) The method as defined in claim 21, wherein said variant of said of 
said count of a counter is obtained by adding a non-zero constant to said count of counter. 

23. (Original) The method as defined in claim 19, wherein said counter is 
initialized to a constant whose value is the /-bit representation of negative one. 

24. (Original) The method as defined in claim 19, further comprising: 
outputting said counter value as an output block of the authentication scheme. 

25. (Original) The method as defined in claim 7, further comprising the steps of: 
wherein the random vector is generated from a shared, per-key, random 

initialization vector and the count of a counter; 

incrementing said counter by one on every message signing, wherein said 
counter is initialized to a constant whose value is the /-bit representation of negative one; and 

outputting said counter value as an output block of the authentication scheme. 

26. (Original) The method as defined in claim 6, wherein said combination 
operation comprises a bit-wise exclusive-or operation. 
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27. (Original) The method as defined in claim 6, wherein said combination 
operation comprises an addition modulo 2 L - 1 . 

28. (Original) The method as defined in claim 6, wherein said combination 
operation comprises a subtraction modulo 2 L - 1. 

29. (Original) The method as defined in claim 7, wherein said combining step to 
create a plurality of input blocks comprises an addition modulo 2 i operation. 

30. (Original) The method as defined in claim 7, wherein said combining step to 
create a plurality of input blocks comprises a bit- wise exclusive-or operation. 

3 1 . (Original) The method as defined in claim 7, wherein said combining step to 
create a plurality of input blocks comprises a subtraction modulo 2 e operation. 

32. (Original) The method as defined in claim 7, further comprising: 
generating a random initial vector from a random number of £-bit length; and 
generating each element in said sequence of unpredictable elements by 

modular 2 e multiplication of a different unique element identifier (i) for each element in the 
sequence of unpredictable elements and said random initial vector. 

33. (Original) The method as defined in claim 7, further comprising: 
generating a random initial vector from a random number of £-bit length; and 
generating each element in said sequence of unpredictable elements from the 

previous element by modular 2 e addition of said random initial vector to the previous element, 
with a first element of said sequence being said random initial vector itself. 

34. (Original) The method of claim 6, wherein said performing a randomization 
function over said plurality of plaintext blocks and the random vector block is done 
concurrently for each plaintext block and the random vector block. 

35. (Original) The method of claim 6 wherein the plurality of input blocks 
resulting from performing a randomization function over said plurality of plaintext blocks and 
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the random vector block are concurrently presented to a plurality of block ciphers using a 
secret key. 

36. (Currently amended) An authentication method providing a data signing 
function that determines an authentication tag, comprising the steps of: 

receiving an input plaintext string comprising the data to be signed and 
padding it as necessary such that its length is a multiple of I bits; 

partitioning the padded input plaintext string into a plurality of n equal-size 
plaintext blocks of I bits in length; 

performing a randomization function over said plurality of n plaintext blocks 
to create a plurality of input blocks each of t bits in length; 

applying a block cipher using a secret key over each of the said input blocks 
to create a plurality of enciphered blocks each of L bits in length; and 

after said applying step, p erforming a combination operation over said 
plurality of enciphered blocks to create an authentication tag. 

37. (Original) The method of claim 36, wherein said step of performing a 
randomization function over said plurality of n plaintext blocks comprises combining each of 
said plurality of plaintext blocks with a different corresponding element of a plurality of n 
unpredictable elements to create a plurality of input blocks. 

38. (Original) The method of claim 36, wherein each of the said plurality of n 
unpredictable elements is obtained by applying an operation to a different per-message 
unpredictable element and each of a plurality of internal unpredictable elements. 

39. (Original) The method of claim 38, further comprising the steps of: 
wherein said per-message unpredictable element is obtained from an /-bit 

counter and a secret, first random initial vector shared between sender and receiver; and 

wherein each of said plurality of internal unpredictable elements is obtained 
from an /-bit element index and a secret, second random initial vector shared between sender 
and receiver. 
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40. (Original) The method of claim 38, wherein said operation applied to a 
different per-message unpredictable element and each of a plurality of internal unpredictable 

elements comprises an addition modulo 2 e operation. 

41. (Original) The method of claim 38, wherein said operation applied to a 
different per-message unpredictable element and each of a plurality of internal unpredictable 

elements comprises a subtraction modulo 2 e operation. 

42. (Original) The method of claim 38, wherein said operation applied to a 
different per-message unpredictable element and each of a plurality of internal unpredictable 
elements comprises a bit-wise exclusive-or operation. 

43. (Original) The method of claim 39, further comprising the steps of: 
wherein said per-message unpredictable element is obtained by multiplication 

modulo 2 e of said secret, first random initial vector with a different value of the counter; and 

wherein each of said plurality of internal unpredictable elements is obtained by 
multiplication modulo 2 e of said secret, second random initial vector with a different value of 
the index. 

44. (Original) The method of claim 39, further comprising the steps of: 
wherein said per-message unpredictable element is obtained from the previous 

per-message unpredictable element by modular 2 l addition of said first random initial vector 
to the previous per-message unpredictable element, with a first per-message unpredictable 
element being said first random initial vector itself; and 

wherein each of said plurality of internal unpredictable elements is obtained 

from the previous internal unpredictable element by modular 2 e addition of said second 
random initial vector to the previous internal unpredictable element, with a first internal 
unpredictable element being said second random initial vector itself. 

45. (Original) The method of claim 37, wherein said combining step to create a 
plurality of input blocks comprises an addition modulo 2 l operation. 
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46. (Original) The method of claim 37, wherein said combining step to create a 
plurality of input blocks comprises a subtraction modulo 2 e operation. 

47. (Original) The method of claim 37, wherein said combining step to create a 
plurality of input blocks comprises a bit-wise exclusive-or operation. 

48. (Previously presented) The method of claim 38, comprising: 
generating said counter anew for every new key; 
initializing generated counter to a constant value; and 

for each message being signed using key, incrementing said counter by one; 

and 

outputting said counter as an output block of the authentication scheme. 

49. (Original) The method as defined in claim 36, wherein said combination 
operation comprises a bit-wise exclusive-or operation. 

50. (Original) The method as defined in claim 36, wherein said combination 
operation comprises an addition modulo 2 L - 1 . 

51. (Original) The method as defined in claim 36, wherein said combination 
operation comprises a subtraction modulo 2 L - 1 . 

52. (Withdrawn - Currently amended) A verification method for the 
authentication method, which provides data integrity, comprising the steps of: 

presenting a string including a plaintext string and an input authentication tag 
for verification; 

partitioning said plaintext string into a plurality of n plaintext blocks 
comprising / bits each; 

performing the same randomization function as that used at a signing method 
for determining an authentication tag over said plurality of plaintext blocks to create a 
plurality of input blocks each of I bits in length; 

applying a block cipher using a secret key over each of the said input blocks to 
create a plurality of enciphered blocks each of L bits in length; 
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after said applying step, p erforming the same combination operation as that 
used at a signing method for determining an authentication tag over said plurality of 
enciphered blocks to compute an authentication tag; 

verifying integrity of the plaintext blocks by comparing the input 
authentication tag and the computed authentication tag. 

53. (Withdrawn) The method as defined in claim 52, further comprising the steps 

of: 

creating a secret random vector block of I bits in length; 

performing the same randomization function as that used at a signing method 
for determining an authentication tag over said plurality of plaintext blocks and the secret 
random vector block to create a plurality of input blocks each of I bits in length; 

wherein performing said randomization function further comprises: 

deriving a random initial vector from said string presented for verification; 

generating a sequence of unpredictable elements each of l-b\t length from said 
random initial vector in the same manner as used at signing method; and 

selecting n plaintext blocks from said string in the same order as that used at 
the signing method, and combining said selected plaintext blocks and the random vector with 
a different corresponding element of said sequence of unpredictable elements to obtain a 
plurality of input blocks, in the same manner as that used at the signing method. 

54. (Withdrawn) The method as defined in claim 52, wherein performing said 
randomization function further comprises: 

using a secret, random initial vector shared between sender and receiver; 

generating a sequence of unpredictable elements each of *-bit length from said 
secret, random initial vector in the same manner as used at signing method; and 

selecting n plaintext blocks from said string in the same order as that used at 
the signing method, and combining said selected plaintext blocks with a different 
corresponding element of said sequence of unpredictable elements to obtain a plurality of 
input blocks, in the same manner as that used at the signing method. 

55. (Withdrawn) The method of claim 52, further comprising: 
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selecting one block of the from said string presented for authentication, which 
block contains a random number; and 

enciphering the selected block to obtain the random initial vector using the 
block cipher using a first secret key. 

56. (Withdrawn) The method of claim 52, further comprising: 

for the signing method generating a random initial vector by enciphering a 
count of a counter initialized to a constant, said enciphering being performed with the block 
cipher using a secret key; and 

incrementing said counter by one on every message signing; and 

further comprising for authentication of the partitioned plaintext string the 

steps of: 

selecting a counter block representing the count of the counter from said string 
presented at verification; and 

enciphering said selected counter block to obtain a random initial vector. 

57. (Withdrawn) The method as defined in claim 56, wherein the enciphering step 
comprises performing said enciphering using the block cipher using the secret key. 

58. (Withdrawn - Currently amended) An authentication method providing a data 
signing function that updates an authentication tag incrementally, comprising the steps of: 

receiving an input plaintext string comprising the data to be signed and 
padding it as necessary such that its length is a multiple of I bits; 

partitioning the padded input plaintext string into a plurality of equal-size 
plaintext blocks of t bits in length; 

performing a randomization function over said plurality of plaintext blocks to 
create a plurality of input blocks each of / bits in length; 

applying a block cipher using a secret key over each of the said input blocks 
to create a plurality of enciphered blocks each of L bits in length; 

after said applying step, p erforming a combination operation over said 
plurality of enciphered blocks to create an authentication tag, said combination operation 
having an inverse; and 
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further comprising the steps of: 

receiving an input plaintext string including a plaintext string and an input 
authentication tag; 

partitioning said plaintext string into a plurality of n plaintext blocks 
comprising / bits each; 

receiving a new /-bit input plaintext block to replace an /-bit plaintext block of 

said input plaintext string at index i; 

performing the same randomization function as that used at a signing method, 
using index i, on said new input plaintext block to create a first input block and performing 
the same randomization function as that used at a signing method, using index i, on said 
plaintext block at index i to create a second input block, each of the said created input blocks 
having / bits in length; 

applying a block cipher using a secret key to the first input block and the 
second input block to create a first enciphered block and a second enciphered block, each of L 
bits in length; 

performing the inverse of said combination operation used at a signing method 
for determining an authentication tag to the input authentication tag and said second 
enciphered block; 

performing the said combination operation used at a signing method for 
determining an authentication tag to first enciphered block and the result of performing the 
inverse of said combination operation; and 

outputting the result of performing said combination operation to the first 
enciphered block and the result of performing the inverse of said combination operation as 
the authentication tag. 

59. (Withdrawn) The method of claim 58 comprising the steps of: 

receiving a plurality of new /-bit input plaintext blocks to replace a plurality of 

/-bit plaintext blocks of said input plaintext string at index i; and 

providing a data signing function that determines an authentication tag 

incrementally for each of the said plurality of new /-bit input plaintext blocks. 
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60. (Withdrawn - Currently amended) An authentication method providing a data 
signing function that determines an authentication tag, comprising the steps of: 

receiving an input plaintext string comprising the data to be signed and 
padding it as necessary such that its length is a multiple of / bits; 

partitioning the padded input plaintext string into a plurality of equal-size 
plaintext blocks of t bits in length; 

performing a randomization function over each of said plurality of plaintext 
blocks using a different index for each plaintext block to create a plurality of input blocks 
each of I bits in length; 

applying a block cipher using a secret key over each of the said input blocks 
to create a plurality of enciphered blocks each of L bits in length; 

after said applying step, p erforming a combination operation over said 
plurality of enciphered blocks to create an authentication tag; and 

further providing an out-of-order verification function for the authentication 
method comprising the steps of: 

receiving an input authentication tag for verification and a plurality of n 
plaintext blocks comprising I bits each, each plaintext block being accompanied by a different 
index; 

performing a randomization function over each of said plurality of plaintext 
blocks using said index for each plaintext block to create a plurality of input blocks each of t 
bits in length; 

applying a block cipher using a secret key over each of the said input blocks to 
create a plurality of enciphered blocks each of L bits in length; 

performing the same combination operation as that used at a signing method 
for determining an authentication tag over said plurality of enciphered blocks to compute an 
authentication tag; 

verifying integrity of the plaintext blocks by comparing the input 
authentication tag and the computed authentication tag. 
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61 . (Currently amended) An authentication system for providing a data signing 
function that determines an authentication tag for use in conjunction with transfer of data 
using a communication channel or with data storage on storage media, comprising: 

a partitioner for partitioning said data into a plurality of data blocks; 

a randomization component which, for each of said data blocks, performs a 
randomization function over said data block to create an input block of the same size as that 
of said data block, said input block not including a block identifier; 

a pseudo-random encipher component for applying a pseudo-random function 
to each said input block to create a plurality of enciphered blocks; and 

a combining component for combining said plurality of enciphered blocks 
after said pseudo-random encipher component has applied a pseudo-random function, to 
create an authentication tag. 

62. (Original) The system of claim 61, wherein the pseudo-random encipher 
component applies a pseudo-random function that is a standard block cipher. 

63. (Currently amended) An authentication system for providing a data signing 
function that determines an authentication tag, comprising: 

a partitioner for partitioning an input plaintext string into a plurality of equal- 
size plaintext blocks of t bits in length; 

a first component for creating a random vector of I bits in length; 

a second component for performing a randomization function over said 
plurality of plaintext blocks and the random vector block to create a plurality of input blocks 
each of t bits in length; 

a block cipher component for applying a block cipher using a secret key over 
each of said input blocks to create a plurality of enciphered blocks each of L bits in length; 
and 

a combining component for performing a combination operation over said 
plurality of enciphered blocks after said block cipher component has applied a block cipher, 
to create an authentication tag. 
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64. (Currently amended) An authentication system for providing a data signing 
function that determines an authentication tag, comprising: 

a partitioning component for partitioning a padded input plaintext string into a 
plurality of n equal-size plaintext blocks of I bits in length; 

a first component for performing a randomization function over said plurality 
of n plaintext blocks to create a plurality of input blocks each of I bits in length; 

a second component for applying a block cipher using a secret key over each 
of the said input blocks to create a plurality of enciphered blocks each of L bits in length; and 

a combining component for performing a combination operation over said 
plurality of enciphered blocks after said second component has applied a block cipher, t o 
create an authentication tag. 

65. (Withdrawn - Currently amended) A verification system for an authentication 
method, which provides data integrity, comprising: 

a receiver for receiving a string including a plaintext string and an input 
authentication tag for verification; 

a partitioner component for partitioning said plaintext string into a plurality of 
n plaintext blocks comprising I bits each; 

a first component for performing the same randomization function as that used 
at a signing method for determining an authentication tag over said plurality of plaintext 
blocks to create a plurality of input blocks each of / bits in length; 

a second component for applying a block cipher using a secret key over each 
of the said input blocks to create a plurality of enciphered blocks each of L bits in length; 

a combining component for performing after said second component has 
applied a block cipher, the same combination operation as that used at a signing method for 
determining an authentication tag over said plurality of enciphered blocks to compute an 
authentication tag; and 

a comparator for verifying integrity of the plaintext blocks by comparing the 
input authentication tag and the computed authentication tag. 
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66 (Withdrawn - Currently Amended ) The system as defined in claim 65, 
further comprising: 

a third component for creating a secret random vector block of I bits in length; 

wherein the first component performs the same randomization function as that 
used at the signing method over said plurality of plaintext blocks and the secret random 
vector block to create a plurality of input blocks each of I bits in length which are then 
provided to the second component for applying the block cipher ; 

wherein the first component performing said randomization function further 

comprises: 

a component for deriving a random initial vector from said string presented for 

verification; 

a component for generating a sequence of unpredictable elements each of /-bit 
length from said random initial vector in the same manner as used at signing method; and 

a component for selecting n plaintext blocks from said string in the same order 
as that used at the signing method, and combining said selected plaintext blocks and the 
random vector with a different corresponding element of said sequence of unpredictable 
elements to obtain a plurality of input blocks, in the same manner as that used at the signing 
method. 

67. (Withdrawn) The system as defined in claim 65, wherein the first component 
for performing said randomization function further comprises: 

a component for using a secret, random initial vector shared between sender 

and receiver; 

a component for generating a sequence of unpredictable elements each of /-bit 
length from said secret random initial vector in the same manner as used at signing method; 
and 

a component for selecting n plaintext blocks from said string in the same order 
as that used at the signing method, and combining said selected plaintext blocks with a 
different corresponding element of said sequence of unpredictable elements to obtain a 
plurality of input blocks, in the same manner as that used at the signing method. 
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68. (Withdrawn - Currently amended) An authentication system for providing a 
data signing function that updates an authentication tag incrementally, comprising: 

a partitioner for partitioning an input plaintext string into a plurality of equal- 
size plaintext blocks of I bits in length; 

a first component for performing a randomization function over said plurality 
of plaintext blocks to create a plurality of input blocks each of I bits in length; 

a block cipher component for applying a block cipher using a secret key over 
each of the said input blocks to create a plurality of enciphered blocks each of L bits in 
length; 

a combining component for performing a combination operation over said 
plurality of enciphered blocks after said block cipher component has applied a block cipher, 
to create an authentication tag, said combination operation having an inverse; and 

further comprising: 

a receiver for receiving an input plaintext string including a plaintext string 
and an input authentication tag; 

a partitioner component for partitioning said plaintext string into a plurality of 
n plaintext blocks comprising I bits each; 

a second receiver for receiving a new 4-bit input plaintext block to replace an l- 

bit plaintext block of said input plaintext string at index i; 

a component for performing the same randomization function as that used at a 
signing method, using index i, on said new input plaintext block to create a first input block 
and performing the same randomization function as that used at a signing method, using 
index i, on said plaintext block at index i to create a second input block, each of the said 
created input blocks having I bits in length; 

a third component for applying a block cipher using a secret key to the first 
input block and the second input block to create a first enciphered block and a second 
enciphered block, each of L bits in length; 

a fourth component for performing the inverse of said combination operation 
used at a signing method for determining an authentication tag to the input authentication tag 
and said second enciphered block; 
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a fifth component for performing the said combination operation used at a 
signing method for determining an authentication tag to first enciphered block and the result 
of performing the inverse of said combination operation; and 

a sixth component for outputting the result of performing said combination 
operation to the first enciphered block and the result of performing the inverse of said 
combination operation as the authentication tag. 

69. (Withdrawn) The system of claim 68, further comprising: 

a third receiver component for receiving a plurality of new l-bit input plaintext 
blocks to replace a plurality of /-bit plaintext blocks of said input plaintext string at index i; 
and 

a seventh component for providing a data signing function that determines an 
authentication tag incrementally for each of the said plurality of new l-bit input plaintext 
blocks. 

70. (Withdrawn - Currently amended) An authentication system for providing a 
data signing function that determines an authentication tag, comprising: 

a partitioner for partitioning the padded input plaintext string into a plurality of 
equal-size plaintext blocks of I bits in length; 

a randomization component for performing a randomization function over 
each of said plurality of plaintext blocks using a different index for each plaintext block to 
create a plurality of input blocks each of I bits in length; 

a pseudo-random encipher component for applying a block cipher using a 
secret key over each of the said input blocks to create a plurality of enciphered blocks each of 
L bits in length; 

a combining component for combining said plurality of enciphered blocks 
after said pseudo-random encipher component has applied a block cipher, to create an 
authentication tag; and 

further providing an out-of-order verification function for the authentication 

method comprising: 
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a receiver for receiving an input authentication tag for verification and a 
plurality of n plaintext blocks comprising t bits each, each plaintext block being accompanied 

by a different index; 

a randomization component for performing a randomization function over 
each of said plurality of plaintext blocks using said index for each plaintext block to create a 
plurality of input blocks each of I bits in length; 

a pseudo-random encipher component for applying a block cipher using a 
secret key over each of the said input blocks to create a plurality of enciphered blocks each of 
L bits in length; 

a combining component for performing the same combination operation as 
that used at a signing method for determining an authentication tag over said plurality of 
enciphered blocks to compute an authentication tag; 

a comparator for verifying integrity of the plaintext blocks by comparing the 
input authentication tag and the computed authentication tag. 

71 . (Currently amended) A program product for providing a data signing function 
that determines an authentication tag for use in conjunction with transfer of data using a 
communication channel or with data storage on storage media, comprising computer readable 
program code, including: 

first code for partitioning said data into a plurality of data blocks; 

second code which, for each of said data blocks, performs a randomization 
function over said data block to create an input block of the same size as that of said data 
block, said input block not including a block identifier; 

third code for applying a pseudo-random function to each said input block to 
create a plurality of enciphered blocks; and 

fourth code for combining said plurality of enciphered blocks after said third 
code has applied the pseudo-random function to each input block, to create an authentication 
tag. 



-19- 

WASH 1471933.1 



a 



Atty. Dkt. No. 068398-0104 

72. (Previously presented) The program product of claim 71, wherein the third 
code for applying the pseudo-random function applies a pseudo-random function that is a 
standard block cipher. 

73. (Currently amended) A program product for providing a data signing function 
that determines an authentication tag, comprising computer readable program code including: 

code for partitioning an input plaintext string into a plurality of equal-size 
plaintext blocks of I bits in length; 9 

code for creating a random vector of I bits in length; 

code for performing a randomization function over said plurality of plaintext 
blocks and the random vector block to create a plurality of input blocks each of I bits in 
length; 

code for applying a block cipher using a secret key over each of said input 
blocks to create a plurality of enciphered blocks each of L bits in length; and 

code for performing a combination operation over said plurality of enciphered 
blocks after said code for applying a block cipher has applied the block cipher to each input 
block, to create an authentication tag. 

74. (Currently amended) A program product for providing a data signing function 
that determines an authentication tag, comprising computer readable program code including: 

first code for partitioning a padded input plaintext string into a plurality of n 
equal-size plaintext blocks of I bits in length; 

second code for performing a randomization function over said plurality of n 
plaintext blocks to create a plurality of input blocks each of I bits in length; 

third code for applying a block cipher using a secret key over each of the said 
input blocks to create a plurality of enciphered blocks each of L bits in length; and 

code for performing a combination operation over said plurality of enciphered 
blocks after said third code has applied the block cipher to each input block, to create an 
authentication tag. 

75. (Withdrawn - Currently amended) A program product for an authentication 
method, which provides data integrity, comprising: 
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first code for receiving a string including a plaintext string and an input 
authentication tag for verification; 

second code for partitioning said plaintext string into a plurality of n plaintext 
blocks comprising I bits each; 

third code for performing the same randomization function as that used at a 
signing method for determining an authentication tag over said plurality of plaintext blocks to 
create a plurality of input blocks each of I bits in length; 

fourth code for applying a block cipher using a secret key over each of the said 
input blocks to create a plurality of enciphered blocks each of L bits in length; 

fifth code for performing the same combination operation as that used at a 
signing method for determining an authentication tag over said plurality of enciphered blocks 
after said fourth code has applied the block cipher to each input block, t o compute an 
authentication tag; and 

sixth code for verifying integrity of the plaintext blocks by comparing the 
input authentication tag and the computed authentication tag. 

76. (Withdrawn - Currently amended) The program product as defined in claim 
75, further comprising: 

seventh code for creating a secret random vector block of t bits in length; 

wherein the third code performs the same randomization function as that used 
at the signing method over said plurality of plaintext blocks and the secret random vector 
block to create a plurality of input blocks each of I bits in length which are then operated on 
by the fourth code for applying the block cipher ; 

wherein the third code performing said randomization function further 

comprises: 

code for deriving a random initial vector from said string presented for 

verification; 

code for generating a sequence of unpredictable elements each of /-bit length 
from said random initial vector in the same manner as used at signing method; and 

code for selecting n plaintext blocks from said string in the same order as that 
used at the signing method, and combining said selected plaintext blocks and the random 
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vector with a different corresponding element of said sequence of unpredictable elements to 
obtain a plurality of input blocks, in the same manner as that used at the signing method. 

77. (Withdrawn) The program product as defined in claim 75, wherein the third 
code for performing said randomization function further comprises: 

code for using a secret, random initial vector shared between sender and 

receiver; 

code for generating a sequence of unpredictable elements each of /-bit length 
from said secret random initial vector in the same manner as used at signing method; and 

code for selecting n plaintext blocks from said string in the same order as that 
used at the signing method, and combining said selected plaintext blocks with a different 
corresponding element of said sequence of unpredictable elements to obtain a plurality of 
input blocks, in the same manner as that used at the signing method. 

78. (Withdrawn - Currently amended) A program product for providing a data 
signing function that updates an authentication tag incrementally, comprising: 

first code for partitioning an input plaintext string into a plurality of equal-size 
plaintext blocks of I bits in length; 

second code for performing a randomization function over said plurality of 
plaintext blocks to create a plurality of input blocks each of I bits in length; 

third code for applying a block cipher using a secret key over each of the said 
input blocks to create a plurality of enciphered blocks each of L bits in length; 

fourth code for performing a combination operation over said plurality of 
enciphered blocks after said third code has applied the block cipher to each input block, to 
create an authentication tag, said combination operation having an inverse; and 

further comprising: 

fifth code for receiving an input plaintext string including a plaintext string 
and an input authentication tag; 

sixth code for partitioning said plaintext string into a plurality of n plaintext 
blocks comprising t bits each; 
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seventh code for receiving a new /-bit input plaintext block to replace an /-bit 

plaintext block of said input plaintext string at index i; 

eighth code for performing the same randomization function as that used at a 
signing method, using index i, on said new input plaintext block to create a first input block 
and performing the same randomization function as that used at a signing method, using 
index i, on said plaintext block at index i to create a second input block, each of the said 
created input blocks having / bits in length; 

ninth code for applying a block cipher using a secret key to the first input 
block and the second input block to create a first enciphered block and a second enciphered 
block, each of L bits in length; 

tenth code for performing the inverse of said combination operation used at a 
signing method for determining an authentication tag to the input authentication tag and said 
second enciphered block; 

eleventh code for performing the said combination operation used at a signing 
method for determining an authentication tag to first enciphered block and the result of 
performing the inverse of said combination operation; and 

twelfth code for outputting the result of performing said combination operation 
to the first enciphered block and the result of performing the inverse of said combination 
operation as the authentication tag. 

79. (Withdrawn) The program product of claim 78, further comprising: 
fourteenth code for receiving a plurality of new /-bit input plaintext blocks to 

replace a plurality of /-bit plaintext blocks of said input plaintext string at index i; and 

fifteenth code for providing a data signing function that determines an 
authentication tag incrementally for each of the said plurality of new /-bit input plaintext 

blocks. 

80. (Withdrawn - Currently amended) An program product for providing a data 
signing function that determines an authentication tag, comprising: 

first code for partitioning the padded input plaintext string into a plurality of 
equal-size plaintext blocks of / bits in length; 
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second code for performing a randomization function over each of said 
plurality of plaintext blocks using a different index for each plaintext block to create a 
plurality of input blocks each of I bits in length; 

third code for applying a block cipher using a secret key over each of the said 
input blocks to create a plurality of enciphered blocks each of L bits in length; 

fourth code for combining said plurality of enciphered blocks to create an 
authentication tag; and 

further providing an out-of-order verification function for the authentication 
method comprising: 

fifth code for receiving an input authentication tag for verification and a 
plurality of n plaintext blocks comprising / bits each, each plaintext block being accompanied 

by a different index; 

sixth code for performing a randomization function over each of said plurality 
of plaintext blocks using said index for each plaintext block to create a plurality of input 
blocks each of t bits in length; 

seventh code for applying a block cipher using a secret key over each of the 
said input blocks to create a plurality of enciphered blocks each of L bits in length; 

eighth code for performing the same combination operation as that used at a 
signing method for determining an authentication tag over said plurality of enciphered blocks 
after said seventh code has applied the block cipher to each input block, t o compute an 
authentication tag; 

ninth code for verifying integrity of the plaintext blocks by comparing the 
input authentication tag and the computed authentication tag. 

8 1 . (Previously presented) The method as defined in claim 1 , wherein said 
partitioning said data into a plurality of data blocks further comprises data padding. 

82. (Previously presented) The method as defined in claim 7, 

wherein said combining to create a plurality of input blocks comprises an 
operation that has an inverse, and 
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wherein the result of the combination of any two different unpredictable 
elements of the sequence of unpredictable elements by said inverse operation is 
unpredictable; and 

wherein said unpredictable elements selected as said two unpredictable 
elements are any two different elements of the same sequence of unpredictable elements used 
for the signing of said plaintext string; and 

wherein said unpredictable elements selected as said two unpredictable 
elements are any two different elements of a plurality of sequences of unpredictable elements 
used for the signing of a plurality of plaintext strings with the same secret key K. 

83. (Previously presented) The method as defined in claim 7, wherein 

if said combining to create a plurality of input blocks comprises an addition 

modulo 2 e operation, the result of the combination of any two different unpredictable 
elements of the sequence of unpredictable elements by a subtraction modulo 2 l operation is 
unpredictable; 

else if said combining to create a plurality of input blocks comprises a bit- wise 
exclusive-or operation, the result of the combination of any two different unpredictable 
elements of the sequence of unpredictable elements by a bit-wise exclusive-or operation is 
unpredictable; 

else if said combining to create a plurality of input blocks comprises a 
subtraction modulo 2 l operation, the result of the combination of any two different 
unpredictable elements of the sequence of unpredictable elements by an addition modulo 2 e 
operation is unpredictable; and 

wherein said unpredictable elements selected as said two unpredictable 
elements are any two different elements of the same sequence of unpredictable elements used 
for the signing of said plaintext string; and 

wherein said unpredictable elements selected as said two unpredictable 
elements are any two different elements of a plurality of sequences of unpredictable elements 
used for the signing of a plurality of plaintext strings with the same secret key K. 

84. (Previously presented) The method as defined in claim 37, 
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wherein said combining to create a plurality of input blocks comprises an 
operation that has an inverse, and 

wherein the result of the combination of any two different unpredictable 
elements of the sequence of unpredictable elements by said inverse operation is 
unpredictable; and 

wherein said unpredictable elements selected as said two unpredictable 
elements are any two different elements of the same sequence of unpredictable elements used 
for the signing of said plaintext string; and 

wherein said unpredictable elements selected as said two unpredictable 
elements are any two different elements of a plurality of sequences of unpredictable elements 
used for the signing of a plurality of plaintext strings with the same secret key K. 

85. (Previously presented) The method as defined in claim 37, wherein 

if said combining to create a plurality of input blocks comprises an addition 

modulo 2 e operation, the result of the combination of any two different unpredictable 
elements of the sequence of unpredictable elements by a subtraction modulo 2* operation is 
unpredictable; 

else if said combining to create a plurality of input blocks comprises a bit- wise 
exclusive-or operation, the result of the combination of any two different unpredictable 
elements of the sequence of unpredictable elements by a bit-wise exclusive-or operation is 
unpredictable; 

else if said combining to create a plurality of input blocks comprises a 
subtraction modulo 2 e operation, the result of the combination of any two different 
unpredictable elements of the sequence of unpredictable elements by an addition modulo 2 e 
operation is unpredictable; and 

wherein said unpredictable elements selected as said two unpredictable 
elements are any two different elements of the same sequence of unpredictable elements used 
for the signing of said plaintext string; and 

wherein said unpredictable elements selected as said two unpredictable 
elements are any two different elements of a plurality of sequences of unpredictable elements 
used for the signing of a plurality of plaintext strings with the same secret key K. 
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86. (Previously presented) The program product defined in claim 71 , wherein the 
program code for causing the performance of the step of partitioning said data into a plurality 
of data blocks further comprises data padding. 

87. (Withdrawn) The program product defined in claim 77, 

wherein the program code for causing the performance of the step of 
combining to create a plurality of input blocks comprises an operation that has an inverse, and 

wherein the result of the combination of any two different unpredictable 
elements of the sequence of unpredictable elements by said inverse operation is 
unpredictable; and 

wherein said unpredictable elements selected as said two unpredictable 
elements are any two different elements of the same sequence of unpredictable elements used 
for the signing of said plaintext string; and 

wherein said unpredictable elements selected as said two unpredictable 
elements are any two different elements of a plurality of sequences of unpredictable elements 
used for the signing of a plurality of plaintext strings with the same secret key K. 

88. (Withdrawn) The program product defined in claim 76, wherein 

if the program code for causing the performance of the step of combining to 
create a plurality of input blocks comprises an addition modulo 2 l operation, the result of the 
combination of any two different unpredictable elements of the sequence of unpredictable 
elements by a subtraction modulo 2 e operation is unpredictable; 

else if the program code for causing the performance of the step of combining 
to create a plurality of input blocks comprises a bit-wise exclusive-or operation, the result of 
the combination of any two different unpredictable elements of the sequence of unpredictable 
elements by a bit-wise exclusive-or operation is unpredictable; 

else if the program code for causing the performance of the step of combining 
to create a plurality of input blocks comprises a subtraction modulo 2 e operation, the result of 
the combination of any two different unpredictable elements of the sequence of unpredictable 
elements by an addition modulo 2 e operation is unpredictable; and 
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wherein said unpredictable elements selected as said two unpredictable 
elements are any two different elements of the same sequence of unpredictable elements used 
for the signing of said plaintext string; and 

wherein said unpredictable elements selected as said two unpredictable 
elements are any two different elements of a plurality of sequences of unpredictable elements 
used for the signing of a plurality of plaintext strings with the same secret key K. 

89. (Previously presented) The system defined in claim 61, wherein the partitioner 
component partitioning said data into a plurality of data blocks further comprises a 
component for data padding. 

90. (Previously presented) The system defined in claim 66, 

wherein the component for creating a plurality of input blocks comprises a 
component for an operation that has an inverse, and 

wherein the result of the combination of any two different unpredictable 
elements of the sequence of unpredictable elements by said inverse operation is 
unpredictable; and 

wherein said unpredictable elements selected as said two unpredictable 
elements are any two different elements of the same sequence of unpredictable elements used 
for the signing of said plaintext string; and 

wherein said unpredictable elements selected as said two unpredictable 
elements are any two different elements of a plurality of sequences of unpredictable elements 
used for the signing of a plurality of plaintext strings with the same secret key K. 

91 . (Previously presented) The system defined in claim 66, wherein 

if the component for creating a plurality of input blocks comprises a 
component for an addition modulo 2 e operation, the result of the combination of any two 
different unpredictable elements of the sequence of unpredictable elements by a subtraction 

modulo 2 e operation is unpredictable; 

else if the component for creating a plurality of input blocks comprises a 
component for a bit-wise exclusive-or operation, the result of the combination of any two 
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different unpredictable elements of the sequence of unpredictable elements by a bit-wise 
exclusive-or operation is unpredictable; 

else if the component for creating a plurality of input blocks comprises a 

component for a subtraction modulo 2 l operation, the result of the combination of any two 
different unpredictable elements of the sequence of unpredictable elements by an addition 
modulo 2* operation is unpredictable; and 

wherein said unpredictable elements selected as said two unpredictable 
elements are any two different elements of the same sequence of unpredictable elements used 
for the signing of said plaintext string; and 
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